KR20220052352A - Online privacy protection technology - Google Patents

Abstract

This specification describes techniques for preventing the sharing or leakage of user information. In an aspect, a method includes receiving, by a first MPC server, a request for selection criteria of at least one interest group to which a user of a client device belongs. The received request does not disclose the identifier of the client device to the first MPC server. In response to receiving the request, the first MPC server determines the ordered set of selection criteria of the at least one interest group retrieved from the cache of the first MPC server. The ordered set of selection criteria is converted into a set of key/value pairs that are protected from being published by the second MPC server. The first MPC server sends to the second MPC server a set of key/value pairs along with data enabling the second MPC server to identify the key with the highest value.

Description

Online privacy protection technology

The present invention relates to online privacy protection technology.

The present invention relates to data processing and user privacy protection in an online environment. Improvements in online user privacy have changed the way many browser developers handle user data. For example, although third-party cookies are no longer supported in some browsers, the deprecation of third-party cookies may result in less relevant content being delivered to users.

In general, one innovative aspect of the subject matter described herein is a method, wherein the method is configured on a first multiparty computing (MPC) server (also referred to herein as a first MPC system or a first computing system) of an MPC cluster. for selection criteria of at least one interest group from a set of two or more interest groups to which a particular user of the client device belongs by and from a second MPC server (also referred to herein as a second MPC system or a second computing system) of the MPC cluster; Receiving the request, the received request not disclosing an identifier of the client device to any MPC system, the method comprising: receiving a request for selection criteria, in response to receiving the request, a second MPC server presents an ordered set of selection criteria of at least one interest group of two or more interest group sets to which a particular user of the client device belongs, retrieved from the cache of the first MPC server using the portion of the request protected from being published by determining by one MPC server, converting the sorted set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from disclosure by a second MPC server converting, by the first MPC server, the set of selected selection criteria into a set of key/value pairs; sending the set of key/value pairs to the second MPC server together with data enabling identification of the key with

In some implementations, the method includes a given interest predicted to include a particular user of a client device by a content distribution system by a first MPC server and from a content distribution system different from the first MPC server and the second MPC server. receiving the given selection criteria of the group and caching, by the first MPC server and in the cache of the first MPC server, the given selection criteria of the given interest group predicted to include a particular user of the client device. do.

In some implementations, a method includes receiving a content request submitted by a client device by a content distribution system, generating a candidate selection criterion in response to the content request in response to the content request, based on the content request determining a given interest group that is predicted to include a particular user of the client device, and generating a given selection criterion of the given interest group based on the determination that the given interest group is predicted to include a particular user of the client device. , sending, by the content distribution system, the candidate distribution criteria and the given distribution criteria to the client device, and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not sending the candidate distribution criteria. also includes.

In some implementations, the method includes receiving, by the second MPC server, a first encrypted request that cannot be accessed by the second MPC server, and receiving the first encrypted request by the second MPC server to the first MPC forwarding to a server, receiving a set of key/value pairs from a first MPC server, identifying a given key/value pair with a highest value without disclosing the value of the key/value pair by a second MPC server generating a first encrypted signed response to the first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server and generating the encrypted signed response and sending the first encrypted signed response to the client device in response to the first encrypted request.

In some implementations, the method includes receiving, by a client device, a first encrypted and signed response sent by a second MPC server, wherein the first encrypted and signed response by the client device is sent to the first MPC server confirming that it was signed by the client device, recovering the first interest group from the first signed response by the client device, confirming by the client device that the first interest group includes a specific user, by the client device confirming that the value of the given key/value pair is signed by the first MPC server, decrypting the value of the given key/value pair to restore the first selection criterion by the client device, the content distribution system by the client device receiving the candidate selection criteria and the given selection criteria from

In some implementations, the method includes, by the client device, describing, by the client device, an interest group comprising a particular user as a first interest group set and a second interest group set different from the first interest group set; sending to the MPC server a first encrypted request comprising a first set of interest groups comprising the specific user, by the client device to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user sending the request, receiving by the client device a second signed response sent by the first MPC server, confirming by the client device that the second signed response is signed by the second MPC server; recovering the specified interest group from the response signed by the client device, confirming that the interest group specified by the client device includes the specific user, the value of the key/value pair given by the client device is the second MPC also comprising verifying that it was signed by the server, decrypting the value of the given key/value pair to recover the third selection criterion by the client device, wherein the selecting the control selection criterion comprises the first selection criterion, the given and selecting a control selection criterion from among the selection criterion, the candidate selection criterion, and the third selection criterion.

In some implementations, the method includes receiving, by the first MPC server, a second encrypted request that cannot be accessed by the first MPC server, and receiving the second encrypted request by the first MPC server to the second MPC forwarding to a server, receiving a different set of key/value pairs from a second MPC server, the specific key/with the highest value without disclosing the different sets of key/value pair values by the first MPC server identifying a value pair, generating a second signed response to a second encrypted request comprising the specific key/value pair, wherein the first signed response is signed with a private key of a second MPC server It also includes generating a second signed response and sending a second signed response to the client device in response to the second encrypted request.

Generally, another innovative aspect of the subject matter described herein is a system comprising one or more processors and one or more memory members comprising instructions that, when executed, cause the one or more processors to perform operations, the system comprising: The operation is performed by a first multiparty computing (MPC) system server of the MPC cluster and from a second MPC server of the MPC cluster for selection criteria of at least one interest group of a set of two or more interest groups to which a particular user of the client device belongs. Receiving the request, the received request not disclosing an identifier of the client device to the first MPC server, the method comprising: receiving a request for selection criteria; in response to receiving the request, the second MPC An ordered set of selection criteria of at least one interest group of the set of two or more interest groups to which a particular user of the client device belongs, retrieved from the cache of the first MPC server using the portion of the request that is protected from being published by the server. is determined by the first MPC server, converting the ordered set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from disclosure by the second MPC server. , converting the ordered set of selection criteria into a set of key/value pairs, and by the first MPC server, the second MPC server is impersonated without disclosing, by the first MPC server, the values of the set of key/value pairs to the second MPC server. sending the set of key/value pairs to the second MPC server along with data enabling identification of the key with the high value.

In some implementations, the operation (performed by one or more processors of the system described above) is performed by a client by a content distribution system, by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server. receiving, by the first MPC server and in a cache of the first MPC server, given selection criteria of a given interest group predicted to include a particular user of the device, and a given interest predicted to include the particular user of the client device It also includes caching the given selection criteria of the group.

In some implementations, the operation includes: receiving a content request submitted by a client device by the content distribution system; generating candidate selection criteria in response to the content request in response to the content request; determining a given interest group predicted to include a particular user of the client device based on the content request; generating a given selection criterion of a given interest group based on a determination that the given interest group is predicted to include a particular user of the client device; sending, by the content distribution system, the candidate distribution criteria and the given distribution criteria to the client device, and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not sending the candidate distribution criteria. Also includes.

In some implementations, the operation includes: receiving, by the second MPC server, a first encrypted request that cannot be accessed by the second MPC server; forwarding the first encrypted request by the second MPC server to the first MPC server; receiving a set of key/value pairs from a first MPC server; identifying the given key/value pair with the highest value without publishing the value of the key/value pair by the second MPC server; generating a first encrypted signed response to a first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server. It also includes generating a response and sending a first encrypted and signed response to the client device in response to the first encrypted request.

In some implementations, the operation comprises: receiving, by the client device, a first encrypted signed response sent by the second MPC server; confirming by the client device that the first encrypted and signed response was signed by the first MPC server; recovering the first interest group from the first signed response by the client device; confirming by the client device that the first interest group includes the specific user; confirming that the value of the key/value pair given by the client device is signed by the first MPC server; decrypting the value of the given key/value pair to recover the first selection criterion by the client device; receiving, by the client device, the candidate selection criteria and the given selection criteria from the content distribution system; a first selection criterion by the client device; It also includes selecting a control selection criterion from among the given selection criteria and the candidate selection criteria.

In some implementations, the operation may include, by the client device, describing, by the client device, an interest group comprising the particular user as a first interest group set and a second interest group set different from the first interest group set; sending, by the client device, to a second MPC server a first encrypted request comprising a first set of interest groups comprising the particular user; sending, by the client device, to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user; receiving, by the client device, a second signed response sent by the first MPC server; confirming that the second signed response by the client device is signed by the second MPC server; recovering the designated interest group from the response signed by the client device; confirming that the interest group designated by the client device includes the specific user; confirming that the value of the key/value pair given by the client device is signed by the second MPC server; also comprising decrypting, by the client device, a value of the given key/value pair to recover a third selection criterion, wherein selecting the control selection criterion comprises the first selection criterion, the given selection criterion, the candidate selection criterion and the third and selecting a control selection criterion from among the selection criteria.

In some implementations, the operation includes: receiving, by the first MPC server, a second encrypted request that cannot be accessed by the first MPC server; forwarding the second encrypted request by the first MPC server to the second MPC server; receiving a different set of key/value pairs from a second MPC server; identifying, by the first MPC server, a particular key/value pair having a highest value without disclosing a different set of values of the key/value pair; generating a second signed response to a second encrypted request comprising a specific key/value pair, wherein the first signed response is signed with a private key of a second MPC server and sending a second signed response to the client device in response to the second encrypted request.

Generally, another innovative aspect of the subject matter described herein is a non-transitory computer storage medium encoded with instructions that, when executed by the distributed computing system, cause the distributed computing system to perform operations, the operations comprising: receiving, by a multiparty computing (MPC) server and from a second MPC server of the MPC cluster, a request for selection criteria of at least one interest group among a set of two or more interest groups to which a particular user of a client device belongs; the requested request includes receiving a request for selection criteria that does not disclose an identifier of the client device to the first MPC server, and in response to receiving the request, protecting from disclosure by the second MPC server determining, by the first MPC server, an ordered set of selection criteria of at least one interest group out of a set of two or more interest groups to which a particular user of the client device belongs, retrieved from a cache of the first MPC server using the portion of the requested request. converting the sorted set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from being disclosed by the second MPC server. converting to a set of key/value pairs, and allowing the second MPC server to identify the key with the highest value without disclosing, by the first MPC server, the value of the set of key/value pairs to the second MPC server. sending the set of key/value pairs together with the data enabling the second MPC server.

In some implementations, the operation (performed by the distributed computing system) is performed by a specific user of the client device by the content distribution system by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server. receiving, by the first MPC server and in a cache of the first MPC server, given selection criteria of a given interest group predicted to include It also includes caching the criteria.

In some implementations, the operation includes: receiving a content request submitted by a client device by the content distribution system; generating candidate selection criteria in response to the content request in response to the content request; determining a given interest group predicted to include a particular user of the client device based on the content request; generating a given selection criterion of a given interest group based on a determination that the given interest group is predicted to include a particular user of the client device; sending, by the content distribution system, the candidate distribution criteria and the given distribution criteria to the client device, and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not sending the candidate distribution criteria. Also includes.

In some implementations, the operation includes: receiving, by the second MPC server, a first encrypted request that cannot be accessed by the second MPC server; forwarding the first encrypted request by the second MPC server to the first MPC server; receiving a set of key/value pairs from a first MPC server; identifying the given key/value pair with the highest value without publishing the value of the key/value pair by the second MPC server; generating a first encrypted signed response to a first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server. It also includes generating a response and sending a first encrypted and signed response to the client device in response to the first encrypted request.

In some implementations, the operation comprises: receiving, by the client device, a first encrypted signed response sent by the second MPC server; confirming by the client device that the first encrypted and signed response was signed by the first MPC server; recovering the first interest group from the first signed response by the client device; confirming by the client device that the first interest group includes the specific user; confirming that the value of the key/value pair given by the client device is signed by the first MPC server; decrypting the value of the given key/value pair to recover the first selection criterion by the client device; receiving, by the client device, the candidate selection criteria and the given selection criteria from the content distribution system; a first selection criterion by the client device; It also includes selecting a control selection criterion from among the given selection criteria and the candidate selection criteria.

In some implementations, the operation may include, by the client device, describing, by the client device, an interest group comprising the particular user as a first interest group set and a second interest group set different from the first interest group set; sending, by the client device, to a second MPC server a first encrypted request comprising a first set of interest groups comprising the particular user; sending, by the client device, to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user; receiving, by the client device, a second signed response sent by the first MPC server; confirming that the second signed response by the client device is signed by the second MPC server; recovering the designated interest group from the response signed by the client device; confirming that the interest group designated by the client device includes the specific user; confirming that the value of the key/value pair given by the client device is signed by the second MPC server; also comprising decrypting, by the client device, a value of the given key/value pair to recover a third selection criterion, wherein selecting the control selection criterion comprises the first selection criterion, the given selection criterion, the candidate selection criterion and the third and selecting a control selection criterion from among the selection criteria.

Certain embodiments of the subject matter described herein may be implemented to realize one or more of the following technical advantages. For example, using multi-party computation (MPC) and other encryption techniques to protect user data and perform a content selection process can prevent leakage of user information that can be used by entities participating in the process to other entities. The techniques discussed throughout this specification also protect user information to prevent sharing of user information between entities necessary to perform a process. The techniques discussed herein distinguish between the operation of user information and processes within different computing systems such that if one entity's computer is compromised, the amount of user information that can be accessed is minimized or at least reduced relative to other techniques. The techniques discussed throughout this specification allow for personalized content selection and prevent systems involved in content selection from tracking individual users across multiple websites.

As the techniques discussed herein involve sending messages containing codes instead of actual data, computing systems participating in the processes discussed herein may not have access to the underlying data but still use such codes to access the process action can be performed. Using code instead of real data protects data even if it is compromised, for example, stolen or leaked to another entity. Using the lookup tables and code in this manner reduces the computational burden on the computing system used to implement the processes discussed herein with respect to the encryption techniques (eg, isomorphic encryption techniques) required to protect the data. This reduces the central processing unit (CPU) cycles required to perform the process (e.g., avoids having to encrypt and decrypt large amounts of data), and implementations where the process is used to select content for display on a user device. It reduces the waiting time when performing critical processes and makes the entire process more efficient. Additionally, data may be cached locally on a particular computing system to reduce latency for future requests of any cached data.

Reducing the latency of displaying content also reduces the number of errors that occur on user devices while waiting for that content to arrive. Since content often has to be delivered to mobile devices connected by a wireless network in milliseconds, reducing the latency of content selection and delivery is important to avoid errors and reduce user dissatisfaction.

The described technique also provides a simplified process for maintaining a high level of privacy. By implementing a granular process through MPC technology, the system provides a high standard for user privacy without requiring extensive changes in the demand-side platform.

The details of one or more embodiments of the subject matter described herein are set forth in the accompanying drawings and the description below. Other features, aspects and advantages of the present invention will become apparent from the detailed description, drawings and claims.

1 is a block diagram of an example environment in which content is distributed to client devices.
2 illustrates a data flow of a method for selecting content and providing content to a client device;
3 is a swimlane diagram illustrating a portion of an example process for selecting content.
4 is a flow diagram of an exemplary method for selecting content.
5 is a block diagram of an exemplary computer system.
In the various drawings, the same reference numerals and names refer to the same members.

FIELD OF THE INVENTION The present invention relates to computer-implemented methods and systems that use techniques to prevent the sharing or leakage of user information by entities involved in the selection and distribution of electronic content to client devices. As described in more detail below, privacy protection techniques may be implemented using a combination of multi-party operations (MPC), probabilistic data structures, encryption, and/or two-stage (or n-stage) caching. More specifically, the user's client device may send three requests for personalized content. The first request may be sent to one server in the MPC cluster, the second request to another server in the same MPC cluster, and the third request to the content distribution system. As described throughout this specification, requests sent to two servers in an MPC cluster are unable to obtain sufficient information to track the user on the website, but none of the MPC servers can still access the two-stage cache to send the user. may be encrypted in such a way as to identify available personalized content that may be provided to a user based on the interest group it contains. Each MPC server may respond to each request with information about one or more portions of content (eg, digital components) associated with one or more interest groups comprising the user.

The third request sent to the content distribution system includes information (eg, a URL) related to the website the user is visiting, which may be used to identify contextual content associated with the website, which may also include the user. It can be used to infer expected interest groups. The identified contextual content is communicated to the client device along with information about content related to one or more of the inferred interest groups. Information about content related to one or more interest groups is also stored in a cache for later use by the MPC server. The client device selects the personalized content (eg, digital component) provided to the user among the information received from the two MPC servers and the content distribution system.

In addition to the privacy protection techniques discussed throughout this specification, a user may be aware that a system, program, or feature described herein may contain user information (eg, a user's social network, social behavior or activity, occupation, user's preferences, or user's The user may be provided with controls to make choices about whether to enable the collection of information about their current location) and whether the user can receive content or communications from the server. Additionally, certain data may be processed in one or more ways prior to storage or use to remove personally identifiable information. For example, the user's identity may be processed so that personally identifiable information cannot be determined about the user, or the geographic location of the user from which the location information was obtained (eg, city, zip code, or state level) may be generalized. and therefore the specific location of the user cannot be determined. Accordingly, the user can control the information collected about the user, how that information is used, and the information provided to the user.

1 is a block diagram of an environment 100 in which content is distributed to client devices 110 . The exemplary environment 100 includes a data communication network 105 such as a local area network (LAN), a wide area network (WAN), the Internet, a mobile network, or a combination thereof. Network 105 includes client devices 110 , MPC cluster 130 , demand-side platform (DSP) 150 , supply-side platform (SSP) 170 , publisher 140 , and website 142 . connect Example environment 100 may include many different client devices 110 , MPC cluster 130 , DSP 150 , SSP 170 , publisher 140 , and website 142 .

The client device 110 is an electronic device capable of communicating over a network 105 . Exemplary client devices 110 include personal computers, mobile communication devices, such as smartphones, and other devices capable of sending and receiving data over network 105 . The client device may also include a digital auxiliary device that receives audio input through a microphone and outputs audio output through a speaker. When the digital assistant detects a “hotword” or “hotphrase” that activates a microphone to receive audio input, the digital assistant may be placed into a listening mode (eg, ready to receive audio input). The digital assistant device may also include a camera and/or display for capturing images and visually presenting information. The digital assistant may be implemented in various types of hardware devices, including wearable devices (eg, watches or glasses), smart phones, speaker devices, tablet devices, or other hardware devices. A client device may also include a digital media device, such as a streaming device that connects to a television or other display, for example, to stream video to a television or game device or game console.

The client device 110 generally includes an application 112 , such as a web browser and/or native application, to facilitate sending and receiving data over the network 105 . A native application is an application developed for a specific platform or specific device (eg, a mobile device with a specific operating system). The publisher 140 may develop and provide a native application for the client device 110 , for example, may make it available for download. The web browser may launch the publisher 140 in response to, for example, a user of the client device 110 entering a resource address for the resource 145 in the address bar of the web browser or selecting a link referencing the resource address. may request resource 145 from a web server hosting website 142 of Similarly, a native application may request application content from a publisher's remote server.

Some resources, application pages, or other application content may include a digital component slot for presenting a digital component with resource 145 or application page. As used throughout this specification, the phrase “digital component” refers to a discrete unit of digital content or digital information (eg, a video clip, audio clip, multimedia clip, image, text, or other unit of content). A digital component may be stored electronically in a physical memory device as a single file or a collection of files, and the digital component may take the form of a video file, an audio file, a multimedia file, an image file, or a text file, and may include advertising information. Therefore, advertisement is a kind of digital component. For example, the digital component may be content to complement the content of a web page or other resource provided by the application 112 . More specifically, the digital component may include digital content related to the resource content (eg, the digital component may be on the same subject or related subject as the web page content). Thus, the provision of digital components can complement and generally enhance web page or application content.

When an application 112 loads a resource (or application content) that includes one or more digital component slots, the application 112 may request a digital component for each slot. In some implementations, the digital component slot allows application 112 to request a digital component from a digital component distribution system that provides the digital component to application 112 for selection and presentation to a user of client device 110 . It may include code (eg, a script) that

Some publishers 140 use a supply-side platform (“SSP”) 170 to manage the process of acquiring digital components for a digital component slot of a resource and/or application. SSP 170 is a technology platform implemented in hardware and/or software that automates the process of obtaining digital components for resources and/or applications. SSP 170 may interact with one or more demand-side platform "DSP" 150 to obtain information that can be used to select a digital component for a digital component slot. As described in more detail below, this information is also referred to as selection criteria or selection parameters, which indicate or specify an amount that the digital component provider 160 is willing to provide for a display of the digital component provider 160 's digital component. criteria may be included. Each publisher 140 may have a corresponding SSP 170 or multiple SSPs 170 . Some publishers 140 may use the same SSP 170 .

Digital component provider 160 may create (or otherwise publish) digital components that are presented in the publisher's resources and in the digital component slot of the application. The digital component provider 160 may manage the provision of the digital component presented in the digital component slot using the DSP 150 . DSP 150 is a technology platform implemented in hardware and/or software that automates the process of distributing digital components for presentation with resources and/or applications. DSP 150 may interact with multiple exchanges on behalf of digital component provider 160 to provide digital components for presentation with resources and/or applications of multiple different publishers 140 . In general, DSP 150 may receive a request for a digital component (eg, directly from SSP 170 or via an exchange), and generate one or more digital component providers based on the request. A selection parameter for the digital component may be created (or selected), and data related to the digital component (eg, the digital component itself) and the selection parameter may be provided to the SSP 170 .

The way the SSP 170 selects digital components and the way the DSP 150 distributes personalized digital components (eg, the selection parameters and/or the selection parameters themselves generate) has historically been a web page rendered on a client device. using user information (eg browsing information, interest group information, etc.) obtained from third-party cookies, which are cookies dropped on client devices by domains other than the domain of However, browsers block the use of third-party cookies, making it more difficult to select and provide personalized digital components, ie, computing resources and bandwidth may be wasted by selecting and distributing content to users that are not of interest. To overcome this problem, privacy protection techniques can be used that enable the use of user interest group information while preventing user tracking across domains and preventing leakage of user information across computing systems. The techniques described herein protect this user information from being shared or leaked to other parties.

In some cases, it is beneficial to a user to receive a digital component associated with a web page, application page, or other electronic resource that the user has previously visited and/or interacted with. To distribute these digital components to users, when a user visits a specific resource or performs a specific action on the resource (for example, interacting with a specific item presented on a web page or adding an item to a virtual cart); Users may be assigned to interest groups. An interest group is a set of users identified as having an interest in the same subject based on browsing behavior, self-reported interests, and/or information posted on social network pages. For example, an interest group of “soccer” may include users identified as interested in soccer (eg, by visiting a soccer-related web page). In some implementations, an interest group may be created and/or updated/maintained by digital component provider 160 or DSP 150 or SSP 170 on behalf of digital component provider 160 . For example, each digital component provider 160 may assign a user to their user group when the user visits an electronic resource of the digital component provider 160 . More specifically, when a user visits a particular page of a digital component provider's website, such as a product information page, the digital component provider assigns that user to an interest group that includes users interested in a product described on that page. can be added In some implementations, an interest group may be created by the publisher 140 . For example, each publisher 140 may assign a user to their user group when the user visits the electronic resource 145 of the publisher 140's website 142 . More specifically, when a user visits a particular page of a publisher's website, such as a Hawaii vacation page, the publisher may add that user to an interest group that includes users interested in a Hawaii vacation.

To protect user privacy, the user's interest group membership is preferably maintained only on the user's client device 110 , for example by one of the applications 112 . In a particular example, the web browser may maintain a list of interest group identifiers (“interest group list”) for users using the web browser. The interest group list may include an interest group identifier for each interest group added by the user. Digital component providers 160 or publishers 140 that create interest groups may specify interest group identifiers for their interest groups. An interest group identifier for an interest group may be a code that describes the group (eg, a gardening group) or represents the group (eg, an alphanumeric sequence that is not a description). The interest group list for the user may be stored in secure storage of the client device 110 and/or may be encrypted when stored.

When application 112 presents a resource or application content associated with digital component provider 160 , the resource may request application 112 to add one or more interest group identifiers to the interest group list. In response, application 112 may add one or more interest group identifiers to the interest group list and securely store the interest group list. As described in more detail below, application 112 may send an interest group identifier of an interest group list to MPC cluster 130 along with a request for content, eg, a request for one or more digital components. Instead of sending the plaintext (unencrypted or otherwise unprotected, readable data) value of the interest group identifier, the application 112 encrypts the interest group identifier and sends the encrypted interest group identifier to the MPC cluster 130 to The recipient of the unintended interest group identifier cannot access the plaintext value of the interest group identifier.

The MPC cluster 130 includes a multi-computing system that performs a multi-party computational process to select a digital component based on one or more interest group identifiers and additional information. In this example, the MPC cluster 130 includes a first computing system S1 and a second computing system S2 . Computing systems S1 and S2 are owned by the same party (eg, a browser developer, application developer, or industry group) or a different party (eg, a party operating a browser developer and another party operating an industry group). and can be operated. If the quantity is greater than 1, then computing systems of other quantities may also be used.

Using MPC to select a digital component based on an interest group identifier prevents any party (including the party operating the computing system of the MPC cluster 130) from determining the group to which the user belongs, thereby protecting the user's privacy. to protect The MPC process, along with encryption technology, also prevents other parties from accessing confidential information of SSP 170 and DSP 150. An exemplary process for using MPC and encryption technology to select and distribute content is illustrated in FIGS. 2 and 3 .

2 is a data flow diagram of a privacy protection method 200 for selecting content and providing the content to a client device. The operations of method 200 may be performed by various components of system 100 . For example, operations of method 200 are performed by computing systems S1 and S2 , SSP 170 and DSP 150 of MPC cluster 130 in communication with client device 110 and application 112 . can be

The method 200 begins with step 1 performed by an application 112 of a client device 110 . In step 1 , the user of the client device 110 instructs the application 112 to navigate to a specific page. For example, a user of client device 110 (eg, a smartphone) may instruct application 112 (eg, a web browser) to navigate to the home page of, eg, a news website about birds. You can click the link. After application 112 navigates to a particular page, application 112 sends two different types of requests in parallel (eg, without waiting for a response to any one type of request). These requests may include (1) selection criteria for a set of digital components associated with one or more specific groups that include users, and (2) the current rendering and/or of a page (or other online resource, such as a native application interface) presented to the client device. A request for selection criteria for a digital component identified based on context. The specific group may be, for example, an interest group or other user group to which the user of the client device 110 belongs. Interest groups may be associated with specific entities, categories, or other topics of interest that users of the group have determined to be interested in. The selection criterion may be, for example, a user rating, a rating provided by a content provider, an interest score, or a bid, among other criteria. The request includes information that can filter groups and/or selection criteria. This information is described in more detail with reference to FIG. 3 .

The method continues with step (2) comprising steps (2a) and (2b). In step 2a, the application 112 generates a first request and sends it to S1, and in step 2b, the application 112 generates a second request and sends it to S2. The requests sent to S1 and S2 may both be requests for selection criteria of a digital component associated with a group (eg, interest group) including users of the client device. The generation and transmission of these requests are discussed in detail below with reference to FIG. 3 . Steps 2a and 2b occur in parallel. In general, steps 2a and 2b may be a symmetric process, the description of step 2a equally applicable to step 2b, where step 2a is a subset of the group comprising the user. , and step 2b is performed on another subset of the group comprising the user. One way to prevent collusion between S1 and S2 to identify or track users is that the subset of groups sent to S1 is different from the subset of groups sent to S2.

The method includes a secure two-party computation (2PC) protocol for two computing systems S1 and S2 of an MPC cluster 130 to identify selection criteria for one or more digital components associated with one or more interest groups comprising users. leads to step (3) of executing During the 2PC process, S1 and S2 exchange information and access the second stage cache to identify relevant selection criteria. Each of S1 and S2 obscures information about the user/client device from other computing systems, such that the computing system does not have a full set of information related to the user/client device and prevents the computing system from tracking the user on a website. . Further details of this process are provided below with respect to FIG. 3 .

The method continues with step 4 where application 112 receives a response to each of steps 2a and 2b. Each response may include a set of selection criteria for 0 or 1 groups (eg, groups of interest). The response, which may be referred to as a set of selection criteria, includes an identifier for a particular interest group, a selection value for the particular interest group (eg, a selection value suitable for use in selecting a digital component for a user who is a member of the particular interest group; This may also include data such as selection criteria) and other data related to particular interest groups, user interactions, or websites visited by application 112 . Each set of selection criteria may correspond to a digital component to which a selection criterion of the set of selection criteria is applied. For example, the response may be of the form {IG_ID, post_revshare_bid, other_metadata}, where IG_ID represents the identifier of the interest group, post_revshare_bid represents the selection value (eg, bid value), and other_metadata is the interest group, its digital Represents other data related to a component or selection value. For example, post_revshare_bid may include a digital component, data identifying the digital component, or instructions to obtain the digital component from a remote server, eg, a URL or other link to the location of the digital component. In another example, this digital component or instruction may be included in metadata. At the end of step (4), application 112 may receive a set of 0 to 2 selection criteria for interest groups of which users and/or browsers are members. Further details of this process are provided below with respect to FIG. 3 .

The method continues with step 5 in which the application 112 sends a context digital component request (“third request”) to the SSP 170 . For example, application 112 (a web browser in this example) may send a request for a context digital component to SSP 170 . The context digital component request may include a context signal that may identify the associated digital component. The context signal may be, among other factors, for example, the category of content presented on a particular web site or webpage rendered/presented on the client device, the country or language of the user of the client device 110 (eg, depending on the client device settings). designated by). Step (5) may be performed in parallel with step (2).

The method continues with step 6 where the SSP 170 forwards the context digital component request to any number of DSPs 150 . For example, SSP 170 may pass a request to multiple DSPs 150, each with an opportunity to respond to the request with candidate selection criteria for a digital component. The candidate selection criterion may be, for example, a context selection value or a selection value for a specific context signal. The content selection value may indicate or specify an amount that the digital component provider 160 is willing to provide for presentation of the digital component of the digital component provider 160 . DSP 150 may select or determine candidate selection values on behalf of digital component provider 160 .

The method continues with step 7 in which the one or more DSPs 150 respond to the request with candidate selection criteria for the digital component identified using the context signal. For example, DSP 150 may respond to the request of SSP 170 with a context selection value and/or one or more context signals.

Additionally, the one or more DSPs 150 optionally return one or more group selection criteria (eg, a set of selection criteria) for a predicted group or other group of users to whom the digital component corresponding to the selection criteria is entitled to be distributed. can do. DSP 150 is not provided with information identifying the group comprising the user. Rather, the DSP uses the context signal included in the context digital component request to predict an interest group that is likely to include the user and returns a given selection criterion (eg, a selection value) for the predicted interest group. The selection value may be used to select a corresponding digital component for a user who is a member of an interest group.

For example, the one or more DSPs 150 may use the context signal to predict one or more interest groups comprising the user, e.g., steps 2a and 2b, which may be issued by other browsers in the future. ) may return a set of one or more interest group selection values that are cached or otherwise stored by the MPC cluster 130 to respond to future interest group requests, such as the process described in . This set of interest group selection criteria may each be used in the pacing of an identifier, selection value, digital component, or digital component to which the selection value applies, the identifier of the interest group predicted to include the user, marketing factor, or pacing of a content item campaign. It may contain information such as information about For example, the set of interest group selection criteria may be of the form {IG_ID, pre_revshare_bid_price, TTL, pacing_info}, where IG_ID represents the identifier of the interest group, pre_revshare_bid_price represents the selection value before revenue sharing occurs, and TTL is the time -time-to-live, i.e., represents the maximum time span over which the MPC cluster can cache bids, and pacing_info is information about the overall budget and pacing of the content item campaign relative to the predicted efficacy of the content item. indicates Prediction of an interest group comprising a user may be performed, for example, by inputting a context signal to a machine learning model trained to output a predicted interest group based on the context signal input.

The set of interest group selection criteria may be used in the future for submitting bids with indicated selection values for future interest group requests 2a and 2b containing request parameters similar to the current context request steps 5 and 6 . It is the duty of DSP 150 to approve SSP 170 and MPC cluster 130 according to factors such as TTL and pacing information provided. For example, an interest (eg, in steps 2a or 2b) that the application 112 indicates (eg, in steps 2a or 2b) a signal that matches, for example, an IG_ID and a signal in the current context request, such as a website URL, location, language, etc. Upon submitting a group request, DSP 150 may authorize SSP 170 and MPC cluster 130 to submit selection values for a set of interest group selection values having specific values.

DSP 150 may also determine which set of interest groups identified by IG_ID, for example, may be associated with a user who will visit the current website indicated by application 112 and submit interest group selection criteria in advance. predictable. The submitted selection value set may be cached by the MPC cluster 130 to reduce delay and DSP 150 server load when responding to future interest group selection criteria requests. For example, if a subsequent interest group selection criteria request is previously submitted and contains parameters that match parameters in a cached set of interest group selection criteria, the MPC cluster 130 may simply respond using the cached set of selection criteria. can

For example, DSP 150 may use historical user interaction data or other historical data to speculatively generate an interest group selection value or set of selection values or users who will visit a current website indicated by application 112 or 112 . Prediction bids on interest groups. For example, when DSP 150 determines from historical data that a user who will visit a current new news website indicated by application 112 is associated with an interest group in general for camping, nature, and outdoor equipment. , as discussed below with reference to step 10 , DSP 150 speculatively generates selection values for such interest groups and stores these selection values in a cache of MPC cluster 130 .

The method continues at step 8 where the SSP 170 applies various filtering criteria to the received candidate selection criteria and provides a response to the context digital component request. SSP 170 may apply filters, such as buyer exclusion and/or creative exclusion, to the received candidate selection criteria. For example, SSP 170 may exclude certain digital component providers on a list maintained by SSP 170 or provided to SSP 170 by publisher 140 from offering a bid. In another example, SSP 170 may exclude certain content items on a list provided to or maintained by SSP 170 from being included as candidates. Once SSP 170 filters the candidate selection criteria, SSP 170 may calculate a selection value by applying specific pricing rules provided to or maintained by SSP 170 . For example, SSP 170 may calculate a post-revenue share selection value by applying a pricing rule provided by DSP 150 and perform a selection process among the candidates. For example, SSP 170 may conduct an auction among the context content item selection values specified by the candidate selection criteria, and either win with the calculated selection value or return the best context content item selection value to application 112 . there is. For example, SSP 170 may provide a calculated selection value and a digital component (or a command to retrieve a corresponding one to the selection value) to application 112 .

In some implementations, SSP 170 may also respond to the context digital component request with given selection criteria for the group predicted to include the user. For example, SSP 170 may apply any of the processing and/or rules discussed above, and selection values or selections for any number of interest groups predicted by DSP 150 to include users. A set of criteria can be provided. In this way, the client device 110 has one or more sets of interest group selection criteria even if the 2PC process performed by the MPC cluster 130 fails to return any selection criteria for interest groups that include users as members. An optional value is provided. For example, if the cache of the MPC cluster 130 does not contain selection criteria for any interest group that includes the user when the application 112 sends a request to S1 and S2 in 2a and 2b, respectively, the MPC cluster 130 will not be able to respond to application 112 with any selection criteria. In such a situation, the application 112 allows the MPC cluster 130 to select any set of interest group selection criteria, as given selection criteria for the interest group predicted to include the user may still be provided in response to the context digital component request. Even if it fails to respond with , it still has at least one set of interest group selection criteria for evaluation.

The method continues with step 9 where the application 112 executes a final selection process to identify a digital component to display on the client device 110 . In some implementations, application 112 selects a content item to be presented to client device 110 by selecting a selection value with a highest value, eg, a set of selection criteria (or digital component) having a selection criterion. You can run an auction to For example, the auction may include the winning context selection value from step 8 as provided by SSP 170 and the corresponding digital component (eg, candidate selection criteria from candidate selection criteria), computing system S1 and /or any set of interest group selection criteria received from S2) (eg, interest group selection criteria specifying between 0 and 2 interest group bids), and received from SSP 170 in response to a context digital component request. may be implemented using predicted selection criteria (eg, given selection criteria specifying given selection values for interest groups predicted to include users), such as given selection criteria. The application 112 filters the predicted selection criteria to consider only those selection criteria relevant to the interest group to which the user and/or browser belong. Since the application 112 has already received the computed selection values for the context digital component request from the computing systems S1 and S2 of the SSP 170 and the MPC cluster 130, the application 112 has the highest post-revenue share value. A simple selection process, such as a first price auction for selecting a candidate selection value with The application 112 may then render the digital component associated with the winning selection value.

The method may lead to the step 10 of the SSP 170 updating the interest group selection criteria maintained by the computing systems S1 and S2 of the MPC cluster 130 . The SSP 170 performs step 10 by sending the first stage key and the second stage lookup table (LUT) to the computing systems S1 and S2 of the MPC cluster 130 .

For example, SSP 170 may first apply filtering criteria to the submitted interest group selection criteria, and then apply pricing rules to calculate the resulting selection values in a process similar to the process described with respect to step (8). can be applied SSP 170 may then create a composite message from all signals provided in the context request that are also interest group request signals, such as a specific URL, location, language, among other signals. The SSP 170 then serializes the composite message into a byte array to generate an encrypted message representing the request signal and other request information. For example, SSP 170 may cryptographically hash the byte array into a fixed size digital digest using the SHA256 algorithm. For purposes of discussion herein, this digital digest may be referred to as IG_Request_Key.

The computing systems S1 and S2 of the MPC cluster 130 each maintain a two-stage LUT cache. For example, the first stage may be keyed by SHA256 (IG_Request_Key) truncated to n bits. The second stage itself may be a LUT whose key is HMAC _SHA256 (IG_Request_Key, IG_ID), where IG_ID represents an identifier for a particular interest group, and HMAC _SHA256 represents a hash-based message authentication code constructed from a SHA-256 hash function. The second stage cache value may be stored in the format {post_revshare_bid, metadata}. The metadata includes information such as TTL values, pacing information, identifiers for visor accounts, values for selection values before revenue sharing and selection values after revenue sharing, among other information. SSP 170 may digitally sign at least a portion of the encrypted message using a publicly verifiable secret key that is verified only by application 112 or is publicly verifiable. For example, SSP 170 may digitally sign the entire set of metadata with the private key. The computing systems S1 and S2 of the MPC cluster 130 then independently update their two-stage LUTs using the received first stage key and second stage LUT.

In step 10 , in addition to sending candidate selection criteria for the group of interest selection criteria (eg, a set of selection criteria) to the computing systems S1 and S2 of the MPC cluster 130 , the SSP 170 optionally may send to the application 112 the group of interest selection criteria which already include the candidate selection criteria with the highest value as part of step 8 . In this option, for each final selection process performed by the application 112 as part of step 9, the application 112, if available, includes: the context selection value received in step 8; the interest group selection value received in step 2a cached in the cache of the MPC cluster 130; the interest group selection value received in step 2b cached in the cache of the MPC cluster 130; and/or the interest group selection value received in step 8 that is not cached (the application 112 further filters these bids based on the actual list of interest groups with which the user of the client device 110 is associated) Selects the highest selection value from among multiple sets of selection values containing one or more of

3 shows a swim lane diagram illustrating an example process 300 for selecting content. The step number of the process 300 corresponds to the step number of the method 200 . For example, steps 2a-1 , 2a-2, 2a-3 and 2a-4 of process 300 are exemplary steps that may form part of step 2a of method 200 . Similarly, steps 3a-1 to 3a-8 are exemplary steps that may form part of step 3 of method 200, and steps 4a-1 and 41-s are method An exemplary step that may form part of step (4) of (200). The operations of method 300 may be performed by various components of system 100 . For example, operations of method 300 may be performed at least in part by computing systems S1 and S2 of MPC cluster 130 in communication with client device 110 and application 112 .

In some implementations, steps 2a and 2b are completed in parallel and are a symmetric process. As such, FIG. 3 is discussed with reference to step 2a, but is equally applicable to step 2b in which the operation of the computing system is reversed. For example, in the reverse situation, S1 would swap places with S2 in FIG. 3 , but the remainder of FIG. 3 remains the same to perform step 2b.

In step 2a-1, the application 112 generates, for example, randomly two public/private key pairs: public_key1, public_key2, private_key1 and private_key2. For example, such a public/private key pair may be an elliptic curve cryptography (ECC) key pair, such as a NIST P-256 key pair. The application 112 shares public_key1 only with the computing system S1 and public_key2 only with the computing system S2 so that public_key1 and public_key2 become temporary semi-public keys. The application 112 also generates a temporary number or random number that can be used only once in the encrypted communication for the request.

In step 2a-2, the application 112 randomly divides the actual list of interest groups to which the user of the client device 110 belongs into two sets G1 and G2. Assume that G2 = {g _2,1 , ... g _2,k } is the set of interest groups randomly assigned to G2. Assuming that the user of the client device 110 , by extension the application 112 , is associated with n interest groups, each interest group has an equal probability of being included in either G ₁ or G ₂ . In some implementations, sets G ₁ and G ₂ are not the same size. It should be recalled that at this stage, the application may describe the list of interest groups as two subsets of interest groups as the application 112 preferably maintains a list of interest groups comprising the user. In some implementations, the two subsets of interest groups have non-overlapping memberships. In some implementations, the two subsets of interest groups have overlapping memberships.

이다.The probability p is non-zero that any interest group with which the application 112 is associated is not in either G ₁ or G ₂ . The probability that a random interest group not associated with the application 112 exists in G ₁ or G ₂ is the false positive rate (FPR). Thus, the process that creates G1 is ε-differentially private, where

am.

For example, if FPR is 1% and p is 50%, ε = log(50) = 3.9. Similarly, the process generating G ₂ is also an ε-differential prebate with ε=3.9.

The application 112 converts G ₂ into G ₂ ^T by applying a key-like random number function to each interest group of G ₂ using a composite key such as {IG_Request_Key, nonce}. For example, G ₂ ^T = {x: HMAC(HMAC(IG_Request_Key, x), nonce), ∀x∈G2}, where the function HMAC(clear_text, secret_key) calculates a key message authentication code. This algorithm is a key-hash message authentication code or a specific type of message authentication code (MAC) that contains both a cryptographic hash function and a secret cryptographic key.

Then, in step 2a-3, application 112 may select a probabilistic data structure such as bloom filter, implementation and appropriate parameters including FPR for the structure. In this particular example, application 112 can then create bloom filters G ₁ ′ and G ₂ ′ for sets G ₁ and G ₂ , respectively. Due to FPR, G ₁ ⊂ G ₁ ', G ₂ ⊂ G ₂ ', |G ₁ | << |G ₁ '| and |G ₂ | << |G ₂ '|. By using a probabilistic data structure, each subset of interest groups that actually contain a user is added to a set of interest groups that do not contain a user to help protect the privacy of the user, e.g., it It makes it more difficult for any system to get one of these to identify or track a user via fingerprinting.

For example, application 112 may create a probabilistic data structure, such as a Bloom filter or a Cuckoo filter, G ₂ ′ for G ₂ ^T . The bloom filter uses the k hash function to hash the interest group identifier IG_ID into m array positions. For example, h _j : IG_ID → [0, m), where 1<=j<=k. H(IG_ID) can be defined as H(IG_ID) = HMAC(IG_Request_Key, IG_ID), where the result is the base-m expression … It is denoted as H ₃ H ₂ H ₁ . Therefore, h _m (IG_ID) is defined as the mth digit of H(IG_ID), that is, H _m .

In step 2a-4, the application 112 sends a request to the computing system S1 with a single parameter in the encrypted message. For example, the parameter may be PubKeyEncrypt(Stage_1_Lookup_Key || G ₂ ' || PubKeyEncrypt(G ₂ ^T , S1) || public_key2 || nonce, S2). In this equation, || represents any lossless and reversible way of constructing a complex message from one or more simple messages. For example, || can indicate a concise binary object representation or protocol buffer method.

In this particular example, Stage_1_Lookup_Key is SHA256 (IG_Request_Key) truncated to n bits, but other suitable keys may be used. In this specific example, PubKeyEncrypt(clear_text, domain) is an encryption result obtained by encrypting clear_text using a public key obtained from a domain by applying a probabilistic public key encryption algorithm. The public key encryption algorithm used by the application 112 is often based on ECC. For example, the public key encryption algorithm may be NIST P-256.

In step 3a-1, the computing system S1 retrieves the public key obtained from the computing system S2 by the application 112 by the assumption that the computing system S2 keeps the corresponding private key strictly confidential. Due to the encryption of the used request, it is impossible to perform any process using the received request other than forwarding it to the computing system S2. By forwarding the request, the computing system S1 hides the IP address of the client device running the application 112 from the computing system S2, such that the client device associated with the interest group request for the computing system S2 to track the user. It disables the use of IP addresses for applications on the Internet, and provides an additional layer of privacy protection.

In step 3a-2, the computing system S2 decrypts the received request using its own private key to recover a number of parameters. For example, the parameters are Stage_1_Lookup_Key, G ₂ ' (i.e. bloom filter configured for G ₂ ^T ), PubKeyEncrypt(G ₂ ^T , S1), i.e. encrypted G ₂ ^T that only computing system S1 can decrypt, Contains the public_key2 and nonce generated by the application 112 for the current request.

Even if computing system S2 colludes with, for example, SSP 170, computing system S2 still uses the interest group to correlate the interest group request with the application's context request based on the IP address. and the IP address of the client device common to the context request cannot be used. This protection is even more evident when there is a limited number of bits in Stage_1_Lookup_Key.

In step 3a-3, the computing system S2 queries the two-stage lookup table (“LUT”) using the Stage_1_Lookup_Key. The result is an existing LUT with key HMAC(IG_Request_Key, IG_ID). That is, the computing system S2 queries the LUT for a matching entity using the Stage_1_Lookup_Key of the decrypted request.

In step 3a-4, the computing system S2 filters the LUT with a bloom filter G ₂ ′. Assuming that the bloom filter has a false positive rate of 1%, about 1% of the entities in the LUT will pass the filter. The number of entities in the LUT is approximately 2- ⁿ of all entities cached by the computing system S2. Accordingly, n controls including communication and computation costs from steps 2a-8 to 2a-11. Smaller n is more expensive to communicate and compute, and the higher the number of entities in the LUT associated with different IG_Request_Keys, which is why the computing system S2 colludes with the SSP 170 for a common targeting signal in both types of content item requests. making it more difficult to correlate interest groups and context requests based on

In steps 3a-5, the computing system S2 sorts the filtered entries according to the selection criteria. For example, computing system S2 may sort the filtered entries using the post revenue share selection value (or bid value) from highest to lowest. For each entry, the computing system S2 prepares a key/value pair, where the key is HMAC(HMAC(IG_Request_Key, IG_ID), nonce). The value is PubKeySign(PubKeyEncrypt(metadata_for_IG, public_key2), MPC2), where PubKeySign(clear_text, domain) is the domain created by applying a digital signature algorithm (eg ECDSA NIST P-256) to clear_text using the private key. This function is used to connect the digital signature to clear_text. The metadata_for_IG for the interest group (IG) may include a set of selection criteria for a digital component corresponding to the interest group. As noted above, the set of selection criteria may include selection values, digital components or instructions for obtaining digital components, and the like. PubKeyEncrypt is an encryption function performed on the metadata of the interest group using the public key public_key2, an IG_ID that can be used by the computing system S1 to infer a signal such as the website URL from which the request is made. It prevents learning of a selection value for a specific interest group identified by . PubKeySign prevents computing system S1 from impersonating computing system S2 and producing erroneous results. Accordingly, the computing system S2 transforms the set of interest group bids into an ordered set of key/value pairs. The computing system S2 then sends the sorted list of key/value pairs and PubKeyEncrypt(G ₂ ^T , S1) to the computing system S1.

In step 3a-6, the computing system S1 decrypts PubKeyEncrypt(G ₂ ^T , S1) to recover G ₂ ^T as plaintext. For example, the computing system S1 decrypts the PubKeyEncrypt using the private key corresponding to the public key provided by the application 112 only to the computing system S1.

In step 3a-7, computing system S1 selects the winning interest group using G ₂ ^T to find the first key/value pair in the sorted list of key/value pairs whose key is in G ₂ ^T . choose Since the sorted list is already ordered from the highest posterior revenue share selection value to the lowest posterior revenue share selection value, the computing system S1 simply queries G ₂ ^T and the sorted list whose key is in G ₂ ^T . By selecting the first key/value pair from the list, the application 112 with the highest post revenue share bid price without access to the actual value of the key/value pair selects the interest group in the actual list of associated interest groups. The selected key/value pair is the result.

In step 3a-8, computing system S1 signs the selected key/value pair with its private key for later verification by application 112 . For example, computing system S1 may sign the winning key/value pair with a private key corresponding to a public key that application 112 provides only to computing system S1 .

In step 4a - 1 , the computing system S1 sends the selected key/value pair or result back to the application 112 .

In step 4a-2, the application 112 decrypts and verifies the result as follows.

The application 112 verifies that the result is encrypted and signed by the computing system S1. For example, the key may be HMAC (HMAC(IG_Request_Key, Winning_IG_ID), nonce). The value may be PubKeySign(PubKeyEncrypt(metadata_for_IG, public_key2), S2). Application 112 recovers Winning_IG_ID and verifies that it is a member of G ₂ . Because application 112 knows IG_Request_Key, nonce and G ₂ , application 112 can confirm that Winning_IG_ID is a member of set G ₂ . The application 112 verifies that the value is encrypted and signed by the computing system S2. Then, the application 112 decrypts the value with private_key2 to recover the matadata_for_IG.

The encryption process 300 provides additional privacy and security protection. During this process, the computing system S2 receives a bloom filter G ₂ ′ in plain text. According to previous analysis, the bloom filter (G2') is differentially private. In addition, the computing system S2 receives the Stage_1_Lookup_Key of plain text, that is, SHA256 (IG_Request_Key) truncated to n bits. Also, the computing system S1 sees only the client IP address in plain text. Thus, none of the computing systems in the MPC cluster have full access to the user data and cannot guess the identity of the user.

4 is a flow diagram of an exemplary privacy protection process 400 for selecting content. In some implementations, process or method 400 may be performed by one or more systems. For example, process 400 may be implemented by client device 110 , application 112 , and MPC cluster 130 of FIGS. 1-3 . In particular, process 400 may include one or more processors 510 and one or more memory elements (eg, FIG. 5 may be implemented by a system including storage device 530. In some implementations, process 400 may be implemented as instructions stored on a non-transitory computer-readable medium, wherein the instructions are For example, when executed by a distributed computing system), the instructions may cause the computing system to perform the operations of process 400. Preferably, the computing system includes one or more servers. It can contain multiple connected servers.

The process 400 is performed by a first multiparty computing (MPC) server of the MPC cluster (eg, S2 in FIGS. 1 , 2 and 3) and by a second MPC server of the MPC cluster (eg, FIG. 1 , It begins with receiving a request for selection criteria of at least one interest group among a set of two or more interest groups to which a specific user of the client device belongs from S1) of FIGS. 2 and 3 , wherein the received request includes an identifier of the client device is not shown to the first MPC server 402 . For example, as described above with respect to step 3a - 1 of FIGS. 2 and 3 , computing system S2 may receive a request for an interest group bid from computing system S1 . The request does not disclose to the computing system S2 the IP address of the application 112 , which is the identifier of the client device. This has the technical effect of protecting user privacy and maintaining the security of user data. For example, only a subset of interest groups that include users as members are provided to each MPC server in an MPC cluster. Therefore, the MPC server cannot determine the user's overall user interest group membership. The use of a probabilistic data structure provides the additional technical effect of reducing the data size of the request sent to each MPC server while further protecting user privacy and data security. Aggregating for many requests (eg, thousands or millions per day) saves significant bandwidth and latency and reduces battery drain on the mobile device capable of sending the request.

Process 400 continues by responding to a request received by the first MPC server determining, by the first MPC server, an ordered set of selection criteria of at least one interest group out of a set of two or more interest groups to which a particular user of the client device belongs. 404). In some implementations, the ordered set of selection criteria is protected from being accessed in unencrypted or plain text form, or from the cache of the first MPC server using the portion of the request that is otherwise published by the second MPC server. are searched for For example, as described above with respect to steps 3a-2 through 3a-5 of FIGS. 2 and 3 , computing system S2 (ie, the first MPC server) uses the portion of the request. to determine an ordered set of group of interest beads retrieved from the two-stage LUT of the computing system S2. This has the technical effect of maintaining data security and user privacy during the selection process. Using this approach prevents the MPC cluster from gaining the user's full interest group membership. Also, this approach prevents the MPC server from obtaining confidential data for DSPs that provide selection values for groups of interest.

The process 400 continues with transforming the ordered set of selection criteria into a set of key/value pairs, the value of each key/value pair being protected from disclosure by the second MPC 406 . For example, as described above with respect to steps 3a-2 to 3a-5 of FIGS. 2 and 3 , the computing system S2 may generate an ordered set of interest group bids of key/value pairs. can be converted to a set. It also has the technical effect of maintaining data security and user privacy during the selection process. Using this approach prevents the MPC cluster from gaining the user's full interest group membership. Also, this approach prevents the MPC server from obtaining confidential data for DSPs that provide selection values for groups of interest.

The process 400 generates the set of key/value pairs along with data that enables the second MPC server to identify the key with the highest value without disclosing the value of the set of key/value pairs by the first MPC server. The step of sending to the second MPC server is continued (408). For example, as described above with respect to steps 3a-2 through 3a-5 of FIGS. 2 and 3 , computing system S2 allows computing system S1 to access values. may send to computing system S1 an ordered list of bids as a set of key/value pairs along with data that enables computing system S1 to identify the key with the highest value. This has the technical effect of maintaining user privacy and data security. Also, the amount of data transmitted from the MPC server to the client device is reduced by transmitting only data for the winning interest group, not each interest group that includes the user as a member.

In some implementations, process 400, given by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server, includes the particular user of the client device by the content distribution system. receiving, by the first MPC server and in a cache of the first MPC server, a given selection criterion of a given interest group in the context of a set of conditions in which the interest group is predicted, a particular user of the client device with respect to an applicable context; caching a given selection criterion of a given interest group predicted to contain. This has the technical effect of faster selection of digital components based on interest group membership. By caching selection criteria for distributed digital components based on interest group membership, the MPC server more quickly identifies and caches eligible digital components (eg, components for interest groups that include users as members). The winning digital component can be selected based on the selected selection value.

For example, as described above with respect to step 10 of FIG. 2 , SSP 170 transmits the speculative or predictive selection value provided by DSP 150 to computing systems S1 and S2 . can Each of the computing systems S1 and S2 may independently update a respective two-stage LUT.

In some implementations, process 400 includes receiving a content request submitted by a client device by a content distribution system, generating candidate selection criteria in response to the content request in response to the content request, content determining, based on the request, zero or more interest groups predicted to include a particular user of the client device; generating criteria, sending by the content distribution system the candidate distribution criteria and the given distribution criteria to the client device and sending the given distribution criteria of the given interest group by the content distribution system and the first MPC server, but the candidate distribution criteria also includes not transmitting. For example, DSP 150 receives a content request submitted by application 112 , determines that a user of client device 110 on which application 112 is executed is likely to be part of a particular interest group, and You can generate prediction bids for groups. This is to improve the user experience by enabling applications to complete the selection process for digital components displayed by applications using both interest group membership and context data for the digital component display environment without leaking user data to other parties. A strong digital component selection process has the technical effect of improving data security throughout the process. In addition, performing the final selection process on the client device based on parallel requests allows the selection process to be completed more quickly, avoiding errors that can occur in situations where digital components must be selected in milliseconds.

In some implementations, process 400 includes receiving, by the second MPC server, a first encrypted request that cannot be accessed, eg, cannot be decrypted, by the second MPC server; forwarding the first encrypted request by the server to the first MPC server, receiving the set of key/value pairs from the second MPC server, without disclosing the values of the key/value pairs by the second MPC server identifying a given key/value pair having a highest value, generating a first signed response to a first encrypted request comprising the given key/value pair, wherein the first signed response is a second MPC It also includes generating a first signed response, signed with a private key of the server, and sending the first signed response to the client device in response to the first encrypted request. This has the technical effect of maintaining data security and user privacy during the selection process. Using this approach prevents the MPC cluster from gaining the user's full interest group membership. Also, this approach prevents the MPC server from obtaining confidential data for DSPs that provide selection values for groups of interest. It also uses encryption and signatures on requests to keep data secure and prevent possible fraud between the MPC server and client devices. Validating the response using the signature confirms that the encrypted response has not been modified.

For example, computing system S1 may receive an encrypted request that cannot be accessed or decrypted by computing system S1 and forward the request to computing system S2 . The computing system S2 then provides the ordered set of key/value pairs to the computing system S1 without disclosing the pair's values and computes a response comprising the ordered set of key/value pairs and the value signature. It can be generated in the system S1. When computing system S1 selects a winning interest group bid, computing system S1 sends the selected key/value pair to application 112 .

In some implementations, process 400 includes receiving, by the client device, a first encrypted signed response sent by the second MPC server, wherein the first encrypted and signed response by the client device is transmitted to the first confirming that it was signed by the MPC server, recovering the first interest group from the first signed response by the client device, confirming by the client device that the first interest group includes a specific user, the client verifying that the value of the key/value pair given by the device is signed by the first MPC server, decrypting the value of the given key/value pair to restore the first selection criterion by the client device, by the client device The method also includes receiving the candidate selection criteria and the given selection criteria from the content distribution system, and selecting, by the client device, the control selection criteria from among the first selection criteria, the given selection criteria, and the candidate selection criteria. This has the technical effect of protecting user privacy and data security and preventing fraud.

For example, as described above with respect to steps 4a-1 to 4a-2 of FIG. 3 , the application 112 receives a signed response from the computing system S1 and wins interest from the response. Group beads can be recovered. The application 112 may verify that the value of the given key/value pair in the response has been encrypted and signed by the computing system S2. The application 112 then decrypts the value of the key/value pair to recover the winning interest group bid, 0 or 1 interest group bid from computing system S2 and 0 or 1 from SSP 170 . Receive another bid including two context bids.

In some implementations, process 400 includes, by the client device, describing, by the client device, an interest group comprising a particular user to a first interest group set and a second interest group set different from the first interest group set; sending, by the client device, a first encrypted request comprising a first set of interest groups comprising the specific user to a second MPC server, the second set of interest groups comprising the second set of interest groups comprising the specific user to the first MPC server by the client device 2 sending the encrypted request, receiving by the client device a second signed response sent by the first MPC server, confirming by the client device that the second signed response is signed by the second MPC server retrieving the specified interest group from the response signed by the client device, confirming that the interest group specified by the client device includes a particular user, the value of the key/value pair given by the client device is further comprising verifying that it was signed by the second MPC server, decrypting the value of the given key/value pair to recover the third selection criterion by the client device, wherein the selecting the control selection criterion comprises the first selection selecting a control selection criterion from among the criteria, a given selection criterion, a candidate selection criterion, and a third selection criterion. This has the technical effect of protecting user privacy and data security and preventing fraud.

For example, as described above with respect to step (2) of FIG. 2 and steps (2a-1) through (2a-2) of FIG. 3, the application 112 of the client device 110 may select an interest group. It can be separated into two different sets. As described above with respect to steps 2a-1 to 3a-1 of FIG. 3 , the application 112 of the client device 110 may send an encrypted request to the computing system S2, and System S2 may send a second encrypted request to computing system S1 . As described above with respect to steps 3a-5 to 4a-2 of FIG. 3 , the application 112 receives the signed result from the computing system S2 and sends the result value to the computing system S1 . It can be verified that it has been encrypted and signed by The application 112 can then decipher the result and verify that the interest group specified in the result includes the particular user, since the application 112 has the actual list of interest groups to which the user belongs.

5 is a block diagram of an exemplary computer system 500 that may be used to perform the operations described above. The system 500 includes a processor 510 , a memory 520 , a storage device 530 , and an input/output device 540 . Each of components 510 , 520 , 530 , 540 may be interconnected using, for example, a system bus 550 . The processor 510 may process instructions for execution in the system 500 . In one implementation, processor 510 is a single-threaded processor. In another implementation, processor 510 is a multi-threaded processor. The processor 510 may process a command stored in the memory 520 or the storage device 530 .

Memory 520 stores information within system 500 . In one implementation, memory 520 is a computer-readable medium. In one implementation, memory 520 is a volatile memory unit. In another implementation, memory 520 is a non-volatile memory unit.

The storage device 530 may provide mass storage to the system 500 . In one implementation, storage device 530 is a computer-readable medium. In various other implementations, storage device 530 is, for example, a hard disk device, an optical disk device, a storage device shared over a network by multiple computing devices (eg, a cloud storage device), or It may include some other mass storage device.

Input/output device 540 provides input/output operation for system 500 . In one implementation, the input/output device 540 is configured with network interface devices, such as an Ethernet card, a serial communication device, such as an RS-232 port, and/or a wireless interface device, such as an 802.11 card. may include one or more of In other implementations, input/output devices may include driver devices configured to receive input data and send output data to other input/output devices, such as keyboard, printer, and display devices 560 . However, other implementations may be used, such as a mobile computing device, a mobile communication device, a set top box television client device, and the like.

Although an exemplary processing system is described in FIG. 5 , implementations of the subject matter and functional operation described herein may be implemented in other types of digital electronic circuitry, or computer software, firmware, or other types including the structures disclosed herein and structural equivalents thereof, It may be implemented in hardware or a combination of one or more thereof.

A medium does not necessarily correspond to a file. The medium may be stored as part of a file containing other documents, in a single file dedicated to the document in question, or in several consolidated files.

Embodiments of the subject matter and operation described herein may be implemented in digital electronic circuitry comprising the structures disclosed herein and structural equivalents thereof, or implemented in computer software, firmware or hardware, or in a combination of one or more thereof. . Embodiments of the subject matter described herein are one or more computer programs, ie, one or more modules of computer program instructions executed by a data processing device or encoded in a computer storage medium (or medium) for controlling the operation of the data processing device. can be implemented as Alternatively or additionally, the program instructions include an artificially generated radio signal, eg, a machine-generated electrical signal generated to encode information for transmission to a receiver device suitable for execution by a data processing device; It may be encoded on an optical signal or an electromagnetic signal. A computer storage medium may be or be included in a computer-readable storage device, a computer-readable storage substrate, a random or serial access memory array or device, or a combination of one or more thereof. Moreover, while a computer storage medium is not a propagated signal, a computer storage medium can be a source or destination of computer program instructions encoded in an artificially generated propagated signal. Computer storage media may also be or be included in one or more separate physical components or media (eg, multiple CDs, disks, or other storage devices).

The operations described herein may be implemented as operations performed by a data processing apparatus on data stored in one or more computer-readable storage devices or received from other sources.

All features of each of the processes, methods, systems and apparatus described herein, including system 100 , method 200 , process 300 , process 400 , and system 500 are optionally described herein. Modify and apply only the parts necessary for other processes, methods, systems and devices that have been used. By way of example only, the features of the method 200 and the process 300 are selectively applied with modifications necessary for the process 400 .

The term "data processing apparatus" includes all kinds of apparatus, devices and machines for data processing, including, for example, programmable processors, computers, systems on a chip or many or combinations of the foregoing. The device may include special purpose logic circuitry such as, for example, an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The device may also contain, in addition to hardware, code that creates an execution environment for the computer program in question, for example, processor firmware, protocol stack, database management system, operating system, cross-platform runtime environment, virtual machine, or a combination of one or more of these. It can contain code that configures it. The device and execution environment may realize various computing model infrastructures, such as web services, distributed computing and grid computing infrastructure.

A computer program (also called a program, software, software application, script or code) may be written in any form of programming language, including compiled or interpreted language, declarative or procedural language, and may be a stand-alone program or module, component , subroutines, entities, or other units suitable for use in a computing environment. A computer program may, but not necessarily, correspond to a file in the file system. A program may be part of another program or file containing data (for example, one or more scripts stored in a markup language document), a single file dedicated to that program, or multiple control files (for example, one or more modules, subprograms, or code may be stored in a file that stores the part). A computer program may be distributed to run on one computer or multiple computers located at one site or distributed over multiple sites and interconnected by a telecommunications network.

The processes and logic flows described herein may be performed by one or more programmable processors executing one or more computer programs to perform operations by manipulating input data and generating output. Processes and logic flows may also be performed by special purpose logic circuits such as, for example, field programmable gate arrays (FPGAs) or application specific integrated circuits (ASICs), and the device may also be implemented as said special purpose logic circuit. can be

Processors suitable for the execution of a computer program include, for example, general-purpose and special-purpose microprocessors. Generally, a processor receives instructions and data from read-only memory or random access memory or both. Essential elements of a computer are a processor for performing operations according to instructions and one or more memory devices for storing instructions and data. In general, a computer may also include one or more mass storage devices for storing data, such as, for example, magnetic, magneto-optical disks or optical disks, or to receive data from, or to receive data from, the mass storage device. may be operatively coupled to transmit data to or both. However, a computer does not need such a device. A computer may also be connected to another device, such as a mobile phone, personal digital assistant (PDA), mobile audio or video player, game console, global positioning system (GPS) receiver, or portable storage device (eg, a universal serial bus). (USB) flash drive). Devices suitable for storing computer program instructions and data include, for example, semiconductor memory devices such as EPROM, EEPROM and flash memory devices; magnetic disks such as, for example, internal hard disks or removable disks; magneto-optical disk; and all forms of non-volatile memory, media and memory devices, including CD-ROM and DVD-ROM disks. The processor and memory may be supplemented by or integrated into special purpose logic circuitry.

To provide for interaction with a user, embodiments of the subject matter described herein may include a display device for displaying information to a user, such as a CRT (cathode ray tube) or LCD (liquid crystal display) monitor and a user computer It may be implemented on a computer with a pointing device capable of providing input to, for example, a mouse or a trackball. Also, other types of devices may be used to provide interaction with the user; For example, the feedback provided to the user may be any form of sensory feedback, such as, for example, visual feedback, auditory feedback, or tactile feedback; and input from the user may be received in any form including acoustic, voice, or tactile input. The computer may also interact with the user by sending and receiving documents to the device used by the user, for example, by sending a web page to the web browser of the user's client device in response to a request received at the web browser. there is.

Embodiments of the subject matter described herein include a back-end component, eg, a data server, or include a middleware component, eg, an application server, or include a front-end component, eg, herein In a computing system comprising a client computer having a web browser or graphical user interface that enables a user to interact with an implementation of the described subject matter, or comprising any combination of such back-end, middleware or front-end components. can be implemented. The components of the system may be interconnected by any form or medium of digital data communication, eg, a communication network. Examples of communication networks include local area networks (“LANs”) and wide area networks (“WANs”), mutual networks (eg, the Internet), and peer-to-peer networks (eg, ad hoc peer-to-peer networks). ) is included.

A computing system may include a client and a server. Clients and servers are typically isolated from each other and typically interact through a communications network. The relationship between client and server arises due to computer programs running on each computer and having a client-server relationship to each other. In some embodiments, the server sends data (eg, an HTML page) to the client device (eg, to display data on the client device and receive user input from a user interacting with the client device) . Data generated at the client device (eg, a result of a user interaction) may be received from the client device at a server.

Although this specification contains numerous specific implementation details, these should not be construed as limitations on the scope of what may be claimed, but rather as descriptions of constructions specific to particular embodiments of a particular invention. Certain features that are described herein in connection with separate embodiments may also be implemented in combination in a single embodiment. Conversely, various configurations that are described in the context of a single embodiment may also be implemented in multiple embodiments individually or in any suitable subcombination. Also, although elements may be described above as acting in particular combinations and even as initially claimed as such, one or more elements from a claimed combination may in some cases be eliminated from the combination, and the claimed combination may be a sub-combination. Or it can be induced by the modification of the partial combination.

Similarly, although acts are shown in the figures in a particular order, it should not be understood that the acts shown need to be performed sequentially or sequentially, or all acts shown need to be performed in order to achieve the desired act. . Multitasking and parallel processing can be advantageous in certain situations. Further, the separation of various system components in the above-described embodiments should not be construed as requiring such separation in all embodiments, and that the described program components and systems are generally integrated together in a single software product or that a plurality of software It should be understood to be packaged as a product.

Accordingly, specific embodiments of the present invention have been described. Other embodiments are within the scope of the following claims. In some cases, the acts recited in the claims may be performed in a different order and still achieve desirable results. Moreover, the processes shown in the accompanying drawings do not necessarily require the specific order shown or sequential order to achieve desirable results. In certain implementations, multitasking and parallel processing may be advantageous.

Claims (20)

in a way,
Receiving, by a first multiparty computing (MPC) server of the MPC cluster and from a second MPC server of the MPC cluster, a request for selection criteria of at least one interest group among a set of two or more interest groups to which a particular user of a client device belongs receiving the request, wherein the received request does not disclose an identifier of the client device to the first MPC server;
In response to receiving the request,
An ordered selection criterion of at least one interest group of a set of two or more interest groups to which a particular user of the client device belongs, retrieved from the cache of the first MPC server using the portion of the request protected from being published by the second MPC server. determining by the first MPC server the set of ;
converting the sorted set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from being disclosed by the second MPC server. converting to a set of pairs; and
A set of key/value pairs together with data that enables, by the first MPC server, the second MPC server to identify the key with the highest value without disclosing, by the first MPC server, the value of the set of key/value pairs to the second MPC server. sending to the second MPC server. According to claim 1,
receiving, by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server, given selection criteria of a given interest group predicted to include a particular user of the client device by the content distribution system; ; and
caching, by the first MPC server and in the cache of the first MPC server, a given selection criterion of a given interest group predicted to include a particular user of the client device. 3. The method of claim 2,
receiving, by the content distribution system, the content request submitted by the client device;
in response to the content request, generating candidate selection criteria in response to the content request;
determining a given interest group predicted to include a particular user of the client device based on the content request;
generating a given selection criterion of a given interest group based on a determination that the given interest group is predicted to include a particular user of the client device;
sending, by the content distribution system, the candidate distribution criterion and the given distribution criterion to the client device; and
and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not the candidate distribution criteria. In the preceding claim,
receiving by the second MPC server a first encrypted request that cannot be accessed by the second MPC server;
forwarding the first encrypted request by the second MPC server to the first MPC server;
receiving a set of key/value pairs from a first MPC server;
identifying the given key/value pair with the highest value without publishing the value of the key/value pair by the second MPC server;
generating a first encrypted signed response to a first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server. generating a response; and
and sending a first encrypted signed response to the client device in response to the first encrypted request. 5. The method of claim 4,
receiving, by the client device, the first encrypted signed response sent by the second MPC server;
confirming by the client device that the first encrypted and signed response was signed by the first MPC server;
recovering the first interest group from the first signed response by the client device;
confirming by the client device that the first interest group includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the first MPC server;
decrypting the value of the given key/value pair to recover the first selection criterion by the client device;
receiving, by the client device, the candidate selection criteria and the given selection criteria from the content distribution system; and
selecting, by the client device, a control selection criterion from among the first selection criterion, the given selection criterion, and the candidate selection criterion. 6. The method of claim 5,
describing by the client device an interest group comprising a particular user as a first interest group set and a second interest group set different from the first interest group set;
sending, by the client device, to a second MPC server a first encrypted request comprising a first set of interest groups comprising the particular user;
sending, by the client device, to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user;
receiving, by the client device, a second signed response sent by the first MPC server;
confirming that the second signed response by the client device is signed by the second MPC server;
recovering the designated interest group from the response signed by the client device;
confirming that the interest group designated by the client device includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the second MPC server; and
also comprising decrypting, by the client device, a value of the given key/value pair to recover a third selection criterion, wherein selecting the control selection criterion comprises the first selection criterion, the given selection criterion, the candidate selection criterion and the third and selecting a control selection criterion from among the selection criteria. 7. The method according to any one of claims 4 to 6,
receiving by the first MPC server a second encrypted request that cannot be accessed by the first MPC server;
forwarding the second encrypted request by the first MPC server to the second MPC server;
receiving a different set of key/value pairs from a second MPC server;
identifying, by the first MPC server, a particular key/value pair having a highest value without disclosing different sets of key/value pair values;
generating a second signed response to a second encrypted request comprising a specific key/value pair, wherein the first signed response is signed with a private key of a second MPC server step; and
and sending a second signed response to the client device in response to the second encrypted request. as a system,
one or more processors; and
one or more memory elements comprising instructions that, when executed, cause one or more processors to perform an operation, the operation comprising:
receiving, by a first multiparty computing (MPC) system server of the MPC cluster and from a second MPC server of the MPC cluster, a request for selection criteria of at least one interest group among a set of two or more interest groups to which a particular user of the client device belongs receiving the request, wherein the received request does not disclose the identifier of the client device to the first MPC server;
In response to receiving the request,
An ordered selection of at least one interest group of a set of two or more interest groups to which a particular user of the client device belongs, retrieved from the cache of the first MPC server using the portion of the request protected from being published by the second MPC server. determining, by the first MPC server, the set of criteria;
converting the sorted set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from being disclosed by the second MPC server; converting to a set of pairs; and
A set of key/value pairs together with data that enables, by the first MPC server, the second MPC server to identify the key with the highest value without disclosing, by the first MPC server, the value of the set of key/value pairs to the second MPC server. sending to the second MPC server. 9. The method of claim 8,
The action is
receiving, by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server, given selection criteria of a given interest group predicted to include a particular user of the client device by the content distribution system; ; and
caching, by the first MPC server and in the cache of the first MPC server, the given selection criteria of the given interest group predicted to include the particular user of the client device. 10. The method of claim 9,
The action is
receiving, by the content distribution system, the content request submitted by the client device;
in response to the content request, generating candidate selection criteria in response to the content request;
determining a given interest group predicted to include a particular user of the client device based on the content request;
generating a given selection criterion of a given interest group based on a determination that the given interest group is predicted to include a particular user of the client device;
sending, by the content distribution system, the candidate distribution criterion and the given distribution criterion to the client device; and
and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not the candidate distribution criteria. 11. The method according to any one of claims 8 to 10,
The action is
receiving by the second MPC server a first encrypted request that cannot be accessed by the second MPC server;
forwarding the first encrypted request by the second MPC server to the first MPC server;
receiving a set of key/value pairs from a first MPC server;
identifying the given key/value pair with the highest value without publishing the value of the key/value pair by the second MPC server;
generating a first encrypted signed response to a first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server. generating a response; and
and sending a first encrypted signed response to the client device in response to the first encrypted request. 12. The method of claim 11,
The action is
receiving, by the client device, the first encrypted signed response sent by the second MPC server;
confirming by the client device that the first encrypted and signed response was signed by the first MPC server;
recovering the first interest group from the first signed response by the client device;
confirming by the client device that the first interest group includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the first MPC server;
decrypting the value of the given key/value pair to recover the first selection criterion by the client device;
receiving, by the client device, the candidate selection criteria and the given selection criteria from the content distribution system; and
selecting, by the client device, a control selection criterion from among the first selection criterion, the given selection criterion, and the candidate selection criterion. 13. The method of claim 12,
The action is
describing by the client device an interest group comprising a particular user as a first interest group set and a second interest group set different from the first interest group set;
sending, by the client device, to a second MPC server a first encrypted request comprising a first set of interest groups comprising the particular user;
sending, by the client device, to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user;
receiving, by the client device, a second signed response sent by the first MPC server;
confirming that the second signed response by the client device is signed by the second MPC server;
recovering the designated interest group from the response signed by the client device;
confirming that the interest group designated by the client device includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the second MPC server; and
also comprising decrypting, by the client device, a value of the given key/value pair to recover a third selection criterion, wherein selecting the control selection criterion comprises the first selection criterion, the given selection criterion, the candidate selection criterion and the third and selecting a control selection criterion from among the selection criteria. 14. The method according to any one of claims 11 to 13,
The action is
receiving by the first MPC server a second encrypted request that cannot be accessed by the first MPC server;
forwarding the second encrypted request by the first MPC server to the second MPC server;
receiving a different set of key/value pairs from a second MPC server;
identifying, by the first MPC server, a particular key/value pair having a highest value without disclosing different sets of key/value pair values;
generating a second signed response to a second encrypted request comprising a specific key/value pair, wherein the first signed response is signed with a private key of a second MPC server step; and
and sending a second signed response to the client device in response to the second encrypted request. A non-transitory computer storage medium encoded with instructions that, when executed by a computing system, cause the computing system to perform operations, comprising:
The action is
Receiving, by a first multiparty computing (MPC) server of the MPC cluster and from a second MPC server of the MPC cluster, a request for selection criteria of at least one interest group among a set of two or more interest groups to which a particular user of a client device belongs receiving the request, wherein the received request does not disclose an identifier of the client device to the first MPC server;
In response to receiving the request,
An ordered selection of at least one interest group of a set of two or more interest groups to which a particular user of the client device belongs, retrieved from the cache of the first MPC server using the portion of the request protected from being published by the second MPC server. determining, by the first MPC server, the set of criteria;
converting the sorted set of selection criteria into a set of key/value pairs, wherein the value of each key/value pair is protected from being disclosed by the second MPC server; converting to a set of pairs; and
A set of key/value pairs together with data that enables, by the first MPC server, the second MPC server to identify the key with the highest value without disclosing, by the first MPC server, the value of the set of key/value pairs to the second MPC server. and transmitting to the second MPC server. 16. The method of claim 15,
The action is
receiving, by the first MPC server and from a content distribution system different from the first MPC server and the second MPC server, given selection criteria of a given interest group predicted to include a particular user of the client device by the content distribution system; ; and
caching, by the first MPC server and in a cache of the first MPC server, a given selection criterion of a given interest group predicted to include a particular user of the client device; media. 17. The method of claim 16,
The action is
receiving, by the content distribution system, the content request submitted by the client device;
in response to the content request, generating candidate selection criteria in response to the content request;
determining a given interest group predicted to include a particular user of the client device based on the content request;
generating a given selection criterion of a given interest group based on a determination that the given interest group is predicted to include a particular user of the client device;
sending, by the content distribution system, the candidate distribution criterion and the given distribution criterion to the client device; and
and sending, by the content distribution system, the given distribution criteria of the given interest group to the first MPC server, but not the candidate distribution criteria. 18. The method according to any one of claims 15 to 17,
receiving by the second MPC server a first encrypted request that cannot be accessed by the second MPC server;
forwarding the first encrypted request by the second MPC server to the first MPC server;
receiving a set of key/value pairs from a first MPC server;
identifying the given key/value pair with the highest value without publishing the value of the key/value pair by the second MPC server;
generating a first encrypted signed response to a first encrypted request comprising a given key/value pair, wherein the first signed response is signed with a private key of a second MPC server. generating a response; and
and sending a first encrypted signed response to the client device in response to the first encrypted request. 19. The method of claim 18,
The action is
receiving, by the client device, the first encrypted signed response sent by the second MPC server;
confirming by the client device that the first encrypted and signed response was signed by the first MPC server;
recovering the first interest group from the first signed response by the client device;
confirming by the client device that the first interest group includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the first MPC server;
decrypting the value of the given key/value pair to recover the first selection criterion by the client device;
receiving, by the client device, the candidate selection criteria and the given selection criteria from the content distribution system; and
and selecting, by the client device, a control selection criterion from among the first selection criterion, the given selection criterion, and the candidate selection criterion. 20. The method of claim 19,
The action is
describing by the client device an interest group comprising a particular user as a first interest group set and a second interest group set different from the first interest group set;
sending, by the client device, to a second MPC server a first encrypted request comprising a first set of interest groups comprising the particular user;
sending, by the client device, to the first MPC server a second encrypted request comprising a second set of interest groups comprising the specific user;
receiving, by the client device, a second signed response sent by the first MPC server;
confirming that the second signed response by the client device is signed by the second MPC server;
recovering the designated interest group from the response signed by the client device;
confirming that the interest group designated by the client device includes the specific user;
confirming that the value of the key/value pair given by the client device is signed by the second MPC server; and
also comprising decrypting, by the client device, a value of the given key/value pair to recover a third selection criterion, wherein selecting the control selection criterion comprises the first selection criterion, the given selection criterion, the candidate selection criterion and the third and selecting a control selection criterion from among the selection criteria.

Images